At  similar major sites, like Microsoft Store, iTunes, etc. there are constant AV sweeps to remove & mitigate malware agents.  Still brand new variants & working around these controls succeed.  SANS ISC shares potential for any site to be infected

Malicious Content Delivered Through archive.org (sans.edu)

archive.org[1], also known as the “way back machine” is a very popular Internet site that allows you to travel back in time and browse old versions of a website (like the ISC website). It works like regular search engines and continuously crawls the internet via bots. But there is another way to store content on archive.org: You may create an account and upload some content by yourself.  I found a piece of malicious Powershell that uses archive.org to download the next stage payload. It’s score on VT is only 5/58

That’s the wild Internet today: If you allow users to create an account and upload some data, chances are big that the feature will be (ab)used to host malicious content. Indeed, archive.org is a top domain and is usually not blocked or tagged as malicious.

[1] https://archive.org
[2] https://web.archive.org/web/*/isc.sans.edu

By admin